% !TEX root = owasp-doc.tex
\clearpage
\textbf{MITRE Resources}
The increased frequency of LLM threats emphasizes the value of a
resilience-first approach to defending an organization's attack surface.
Existing TTPS are combined with new attack surfaces and capabilities in LLM
Adversary threats and mitigations. MITRE maintains a well-established and
widely accepted mechanism for coordinating opponent tactics and procedures
based on real-world observations.

Coordination and mapping of an organization's LLM Security Strategy to MITRE
ATT\&CK and MITRE ATLAS allows an organization to determine where LLM Security
is covered by current processes such as API Security Standards or where
security holes exists.

MITRE ATT\&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a
framework, collection of data matrices, and assessment tool that was made by
the MITRE Corporation to help organizations figure out how well their
cybersecurity works across their entire digital attack surface and find holes
that had not been found before. It is a knowledge repository that is used all
over the world. The MITRE ATT\&CK matrix contains a collection of strategies
used by adversaries to achieve a certain goal. In the ATT\&CK Matrix, these
objectives are classified as tactics. The objectives are outlined in attack
order, beginning with reconnaissance and progressing to the eventual goal of
exfiltration or impact.

MITRE ATLAS, which stands for "Adversarial Threat Landscape for Artificial
Intelligence Systems," is a knowledge base that is based on real-life examples
of attacks on machine learning (ML) systems by bad actors. ATLAS is based on the
MITRE ATT\&CK architecture, and its tactics and procedures complement those
found in ATT\&CK.
%%% TABLE FORMATTING
\setlength\LTleft{0pt}
\setlength\LTright{0pt}
\begin{longtable}[c]{|p{0.25\textwidth}|p{0.25\textwidth}|p{0.35\textwidth}|}
  %%% Header and footer information
  \hline
  \rowcolor{owasplightpurple}
  \textbf{MITRE Resource} &
  \textbf{Description} &
  \textbf{Why It Is Recommended \& Where To Use It} \\
  \hline
  \endfirsthead
  \hline
  \rowcolor{owasplightpurple}
  \textbf{MITRE Resource} &
  \textbf{Description} &
  \textbf{Why It Is Recommended \& Where To Use It} \\
  \hline
  \endhead
  \endfoot
  %%% TABLE DATA STARTS HERE
  \href{https://attack.mitre.org/}{MITRE ATT\&CK} &
  Knowledge base of adversary tactics and techniques based on real-world observations &
  The ATT\&CK knowledge base is used as a foundation for the development of
  specific threat models and methodologies. Map existing controls within the
  organization to adversary tactics and techniques to identify gaps or areas to
  test. \\
  \hline
  \href{https://medium.com/mitre-engenuity/att-ck-workbench-2-0-your-bench-your-team-your-most-relevant-ttps-5b9620457ef4}{MITRE AT\&CK Workbench} &
  Create or extend ATT\&CK data in a local knowledge base &
  Host and manage a customized copy of the ATT\&CK knowledge base. This local
  copy of the ATT\&CK knowledge base can be extended with new or updated
  techniques, tactics, mitigation groups, and software that is specific to your
  organization. \\
  \hline
  \href{https://atlas.mitre.org/}{MITRE ATLAS} &
  MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems)
  is a knowledge base of adversary tactics, techniques, and case studies for
  machine learning (ML) systems based on real-world observations, demonstrations
  from ML red teams and security groups, and the state of the possible from
  academic research &
  Use it to map known ML vulnerabilities and map checks and controls for
  proposed projects or existing systems. \\
  \hline
  \href{https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/attack-powered-suit/}{MITRE ATT\&CK Powered Suit} &
  ATT\&CK Powered Suit is a browser extension that puts the MITRE ATT\&CK
  knowledge base at your fingertips. &
  Add to your browser to quickly search for tactics, techniques, and more
  without disrupting your workflow. \\
  \hline
  \href{https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/threat-report-attck-mapper-tram/}{The Threat Report ATT\&CK Mapper (TRAM)} &
  Automates TTP Identification in CTI Reports &
  Mapping TTPs found in CTI reports to MITRE ATT\&CK is difficult, error prone,
  and time-consuming. TRAM uses LLMs to automate this process for the 50 most
  common techniques. Supports Juypter notebooks. \\
  \hline
  \href{https://center-for-threat-informed-defense.github.io/attack-flow/}{Attack Flow v2.1.0} &
  Attack Flow is a language for describing how cyber adversaries combine and
  sequence various offensive techniques to achieve their goals.  &
  Attack Flow helps visualize how an attacker uses a technique, so defenders
  and leaders understand how adversaries operate and improve their own
  defensive posture. \\
  \hline
  \href{https://caldera.mitre.org/}{MITRE Caldera} &
  A cyber security platform (framework) designed to easily automate adversary
  emulation, assist manual red-teams, and automate incident response. &
  \href{https://caldera.readthedocs.io/en/latest/Plugin-library.html}{Plugins} are available for Caldera that help to expand the core capabilities
  of the framework and provide additional functionality, including agents,
  reporting, collections of TTPs and others
 \\
  \hline
  \href{https://github.com/mitre-atlas/arsenal}{CALDERA plugin: Arsenal} &
  A plugin developed for adversary emulation of AI-enabled systems.  &
  This plugin provides TTPs defined in MITRE ATLAS to interface with CALDERA. \\
  \hline
  \href{https://github.com/redcanaryco/atomic-red-team}{Atomic Red Team} &
  Library of tests mapped to the MITRE ATT\&CK framework. &
  Use to validate and test controls in an environment. Security teams can use
  Atomic Red Team to quickly, portably, and reproducibly test their environments.
  You can execute atomic tests directly from the command line; no installation
  is required.
 \\
  \hline
  \href{https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/cti-blueprints/}{MITRE CTI Blueprints} &
  Automates Cyber Threat Intelligence reporting. &
  CTI Blueprints helps Cyber Threat Intelligence (CTI) analysts create
  high-quality, actionable reports more consistently and efficiently.
 \\
  \hline
  %%% TABLE DATA ENDS HERE
  \caption{MITRE Resources}
  \label{tab:mitre-resources}
\end{longtable}